Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: strange HTTP scan/attack?
From: Anne Marcel Roorda <marcel () OUR DOMAINTJE COM>
Date: Wed, 29 Nov 2000 09:35:52 +0100
On Mon, 27 Nov 2000, Jim Bacon wrote:


I am seeing someone repeating hitting a CGI script with a HEAD request and
then submitting a query of the form:

http://blah.blah.blah/cgi-bin/cgiscript/0/0/0/Angola
http://blah.blah.blah/cgi-bin/cgiscript/0/0/0/England
http://blah.blah.blah/cgi-bin/cgiscript/0/0/0/0/Angola
http://blah.blah.blah/cgi-bin/cgiscript/0/0/0/0/England

Where it cycles thru a list of all country names, then starts over with
another 0 in the query string.

This is coming into my server almost as fast as possible, and is somewhat
annoying.

Can anyone offer any clues tp what this is and what I can do about it?  It
appears to be originating from a UUnet dialup in the UK, so any complaints
to a live human are impossible and email complaints just an excercise in my
typing practice.


Hi,

  If you had taken a look at the contact page on www.uk.uu.net then
you'd have found the following.

<quote>

Security issues - hacking, portscanning, denial of service attacks.

If you have been subject to an attack of this type. Please contact our
Abuse team immediately on 01223 250570. If the attack occurs out of hours,
please contact our 24x7 team on 01223 250122

Once you make contact with the Abuse team, they will require copies of the
logs showing dates, times and timezones of
the attack.

</quote>

- marcel

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]